Managing a Collaborative WordPress Site Safely and Effectively

This guest post is by Juliana Payson of InMotion Hosting

As a longtime WordPress user, I have run many successful websites in the past and have invited many writers/contributors/developers to join my team. To make the process go smoothly, I had to give them access to the WordPress backend. This decision comes with its own risks and rewards. In this article, I will share how I manage a collaborative WordPress site safely and effectively.

Why you would need to give out admin access?

WordPress is a dynamic platform by nature. On top of that websites are always evolving and competing with the current evolution of web design can get hard at times. Web trends for blog design have changed from the heavy sidebar orientation of the 90’s, the floating header banners of the Noughties, and now we’re just pushing the bar with HTML5. For people like me, experimentation with how far you can push the interactivity of WordPress is part of blogging. Often I break the site while experimenting, and then have to give someone admin access to help me fix it. Sometimes I want features in my themes that are beyond my ability to implement. Other times, I need help managing comments or I just don’t want to do the process of copying and pasting articles from our content writers. To manage my time efficiently and focus on what I’m good at, I utilize writers, contributors, and developers to help me run my websites successfully.

How to Pick the Right People

One of the positives of building a team is that you can get a bunch of passionate people who are willing to put in the time and effort to build your website up. This is the time that you can use to focus on what you do best! If you prescribe to pick the right people to begin with and spend that extra time being careful about it, then you will avoid many of the problems which I will describe below. This is the first tip for controlling security on your backend install, pick a passionate, good-natured team!

I’ve often used eLance, invited bidders with specific skill sets, and negotiated with their bids. The negotiating process alone gives you a good feel about their nature and whether you would like to work with them and trust them with access to your WordPress hosting.

Here’s the trick to inviting the right bid for the work you are offering. “It should be EASY for someone who KNOWS how…” those few words will immediately filter out those that will say it’s a two week job, maybe to negotiate a higher price. You will likely get a broad range of bids if this is your first time on eLance, don’t be put off by seemingly high prices, or get attracted to the lowest bid. Give yourself time to communicate with each and get a feel of their negotiation skills. This guy was a previous winner with me, and I negotiated his bid price down by showing him the level of planning and preparation I had gone through prior to putting the job out. This made sure that he knew I didn’t want any duplicitous effort on top of the things I’d already spent time in preparing. The keywords I picked up on was that he expressed how interesting, fun, and easy the task was. I’m all up for choosing passionate people on my team!

Elance Awarded

The tested skill sets I look out for when it comes to potential WordPress admins in particular are: WordPress 3.1, CSS 3.0, PHP5. Tested skill sets are done against a timer, so you have reassurance that the person you are hiring is not learning on the job.

eLance Skills

You can always give people a chance who’ve never picked up work before on eLance, but there is a learning curve associated with how to communicate effectively with your new teammate – and I treat them as such. If communication feels abrupt instead of concise, I take this as a hazard that’s probably best avoided.

User Role Management

Giving out “administrator” level account can be risky. Specially if it is someone you DO NOT know that well. Also not everyone in your team need to have the same set of permission level. For example, if they are an author, then they should only have author level permission. Sometimes you may want to promote an author as a moderator or community manager, so you can simply create a new role that adds that capability to their user role. For this I use User Role Editor Plugin.

In this particular case, I chose to create a new role called “webmaster” which gives user a specific set of permissions. To do this, you need to go to the User Role Editor settings and create a new type of role. I assigned this “webmaster” role all the capabilities of an ‘Editor’ to start things off. This person may need to go into some of my page posts and fix bugs in the HTML, so at minimum I have to give this person editor controls.

Role Manager Settings

Once you have successfully created a ‘Webmaster Role’, select the user role from the drop down list, and add any additional capabilities that you like. In my case I added the following:

  • Activate Plugins
  • Edit Plugins – to edit the PHP and adapt CSS to fit your site for example.
  • Edit Theme Options – certain stylesheet customization
  • Edit Themes – may need to fix javascript conflicts in header file
  • Install Plugins
  • Install themes – for your perusal note that I have omitted ‘Activate Themes’
  • Manage Options – sometimes publishing options from remote need to be whitelisted to allow your webmaster extra flexibility.

I can go in at any time and remove privileges once tasks are complete.

Update Roles in User Role Manager

Now, assigning your new user the blanket capabilities of their new ‘Webmaster’ role:

Select the new user you created, a subpage will appear giving you the opportunity to assign the new type of role you created. Hint, don’t actually set up ‘Admin’ as a username, it’s common for someone to crudely hack in if they have half the job done for them by using a global name. I’ve used this for demonstration only!

Assigning User Roles

User Monitoring using ThreeWP Activity Monitor

While role management is a good way to keep control, for extra peace of mind there is a plugin that will track what all your registered users are doing.

ThreeWP Activity Monitor

It does this by reporting the user activity change-log in one central location.

Hopefully you’ve now narrowed the room for error with your multi-author site, and got some peace of mind that anything outcropping as a result of user error or tampering is at least traceable. Now that you know how to keep your site secure with multiple contributors, here is an article that will show you how to manage a good editorial workflow, and make your collaborative team more organized.

Juliana Payson (@JulianaPayson) is a Content Manager based in Los Angeles for InMotion Hosting, famous for their dedicated hosting. She develops content based on Web 2.0 design and ‘Socialization’ of websites.